[exodust]

I have Flash enabled all the time. No probs here. Smooth and efficient. I have no agenda or need to kill it.

So much viral hate. Plugins have a right to exist. You gonna declare war on all plugins or just Flash? HTML doesn't necessarily run its full suite of tricks on all browsers and platforms. And my iPad3 often slows to a crawl because of bloated well-known websites. Browser memory maxes out and I can't even switch tabs without full page reloading. Inefficiency follows poor technical design no matter what technology is used.

Is javascript next because of those trendy promo pops where they think you're leaving? Kill everything that sux, or whatever technology it comes from. Kill it all and dance on its grave like there's no tomorrow.

Tomorrow we'll retreat to our native apps with virtual coins and account validation. We'll share our contact lists without knowing that we did, and we won't be blocking ads because we can't.

Tried the Youtube HTML player once. That was one hell of a rough and buggy experience. Switched back to Flash.

Clicked a link to youtube in iOS Safari more than once, and got auto-switched to the youtube app rather than the video play in Safari. I don't know what or who to hate about that, I'm just tired.

[brandonwamboldt]

Flash is a closed source binary plugin with a long history of security vulnerabilities that Adobe was slow to patch. For the most part, JavaScript engines are open source, don't have a history of security vulnerabilities (to the same severity), and are typically patched quickly.

[x0x0]

(linking to myself) https://news.ycombinator.com/item?id=9875333

It's been more than a year since there's been a month without multiple CVE severity 10 bugs.

[koonsolo]

Here is a 2014 vulnerability report of Secunia: https://secunia.com/resources/vulnerability-review/update-al...

Google Chrome is at the top with most vulnerabilities, IE a bit below it, Avant browser, Firefox. Same with the 2015 edition.

Flash didn't even make it in the top 20. And yes, they also evaluated it.

[dveditz_]

You can't compare counts of published vulnerabilities when organizations have vastly different standards of publication. Open source projects (e.g. Firefox, chromium) publish everything, even internally found flaws. Closed-source projects tend to publish only those reported by external reporters, not ones they found internally. At least one hopes they are also fixing lots of internal bugs! They might not be, in which case a low vulnerability count could actually mean they've got lots of unfixed vulnerabilities.

What about attacks found in the wild? Flash takes the cake there, although that may in part mean its ubiquity makes it a useful target.

In any case you can't use Flash to browse the web. You are already taking on the risk of whatever vulnerabilities lurk in your chosen browser; using Flash is adding vulnerability risk on top.